evoacme: add squid whitelist for ocsp server
parent
708860770a
commit
f068684a76
|
@ -13,3 +13,8 @@
|
|||
- name: apt update
|
||||
apt:
|
||||
update_cache: yes
|
||||
|
||||
- name: reload squid3
|
||||
service:
|
||||
name: squid3
|
||||
state: reloaded
|
||||
|
|
|
@ -53,3 +53,25 @@
|
|||
src: certbot.cron
|
||||
dest: /etc/cron.daily/certbot
|
||||
mode: "0755"
|
||||
|
||||
- name: Is Squid installed?
|
||||
command: "command -v squid3"
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
check_mode: no
|
||||
register: is_squid3_installed
|
||||
|
||||
- name: Find squid3 config whitelist
|
||||
shell: find /etc/squid3/whitelist-custom.conf /etc/squid3/whitelist.conf 2> /dev/null
|
||||
failed_when: false
|
||||
changed_when: false
|
||||
check_mode: no
|
||||
register: squid3_whitelist_files
|
||||
|
||||
- name: Let's Encrypt OCSP server is authorized by squid
|
||||
lineinfile:
|
||||
dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
|
||||
line: "http://ocsp.int-x3.letsencrypt.org/.*"
|
||||
state: present
|
||||
notify: reload squid3
|
||||
when: is_squid3_installed.rc == 0 and squid3_whitelist_files.stdout != ""
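Review bot: The whitelist entry written by the `lineinfile` task, `http://ocsp.int-x3.letsencrypt.org/.*`, is unanchored and leaves its dots unescaped, so if the whitelist file is consumed as a URL regex (as the trailing `.*` suggests) it would match any URL that merely contains this string, widening the proxy's egress allow-list beyond the OCSP host. Consider `line: '^http://ocsp\.int-x3\.letsencrypt\.org/.*'`, in single quotes so YAML keeps the backslashes literal. Separately, the `Is Squid installed?` task runs `command -v squid3` through the `command` module, which does not go through a shell; `command` is normally a shell builtin, so on hosts without a standalone binary the task likely errors, `failed_when: false` hides it, and the `is_squid3_installed.rc == 0` condition silently skips the whitelist step. Using `shell: "command -v squid3"` would avoid that. The rest of the task file lies outside the hunk, so how the whitelist file is referenced from the squid configuration should be confirmed there.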
|
||||
|
|